2.3.2. TPS Operations

The TPS is the conduit between the Enterprise Security Client and the other subsystems (CA, TKS, DRM). The token operations are posted to the TPS using SSL and the URL of the management interface:
There are a number of available operations, and each operation is limited so that only certain types of TPS users can initiate it (Section 2.4.6, “Users, Authorization, and Access Controls”). In general, TPS operations include:
  • Formatting smart cards
  • Resetting the PIN on smart card tokens
  • Upgrading the applet for smart card tokens
  • Enrolling smart cards through the Enterprise Security Client
  • Performing LDAP authentication
  • Managing the token database
  • Logging token events
Operations may have additional parameters that are passed with them. For example, changing the status of a smart card is the do_token operation, but what that status is changed to is set in the question= parameter (where 1 through 6 set the new token status) and the token being changed is identified in the tid= parameter. Changing a token with the ID of 1234 to temporarily lost (3) posts the following URL:


Operations are always submitted to the token database or TUS interface of the TPS, which is its administrative interface. This is the interface used by administrators and agents who access the administrative web UI for the TPS and for services. The Enterprise Security Client and other end-user functions access the smart card or TPS interface.
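
Because a do_token request changes a token's status based only on its question= and tid= parameters, a reviewer of requests to the administrative interface will want to reject any request where either value is missing, repeated, or outside 1 through 6. The following Python is an added example, not part of the Certificate System documentation or code; the op query parameter name, the host, the placeholder path, and the other_operation name are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the operation name travels in a query parameter called "op".
# The page names only the do_token operation and the question=/tid= parameters.
OP_PARAM = "op"
VALID_STATUS = range(1, 7)   # page: 1 through 6 set the new token status
TEMPORARILY_LOST = 3         # page: 3 means temporarily lost

def parse_status_change(url):
    """Return (tid, status) for a well-formed do_token request, None for any
    other operation; raise ValueError for a malformed do_token request."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get(OP_PARAM) != ["do_token"]:
        return None
    for name in ("tid", "question"):
        values = query.get(name, [])
        if len(values) != 1:
            # Missing or repeated parameter: the target token or status is ambiguous.
            raise ValueError(f"{name}= must appear exactly once, got {len(values)}")
    tid, question = query["tid"][0], query["question"][0]
    if not tid:
        raise ValueError("empty tid=")
    if not (question.isascii() and question.isdigit()) or int(question) not in VALID_STATUS:
        raise ValueError(f"question={question!r} is not a status 1-6")
    return tid, int(question)

def audit(urls):
    """Split request URLs into accepted status changes and rejected requests."""
    changes, rejected = [], []
    for url in urls:
        try:
            result = parse_status_change(url)
        except ValueError as exc:
            rejected.append((url, str(exc)))
            continue
        if result is not None:
            changes.append(result)
    return changes, rejected

# Constructed sample requests; host and path are placeholders, not the real TPS URL.
BASE = "https://tps.example.com/PLACEHOLDER-PATH"
SAMPLE = [
    f"{BASE}?op=do_token&question=3&tid=1234",
    f"{BASE}?op=do_token&question=9&tid=1234",
    f"{BASE}?op=do_token&question=3&tid=1234&tid=5678",
    f"{BASE}?op=other_operation",  # hypothetical operation name
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```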